e8d7eb1532d41c0b920a8c3d01bff63f23619c4e04a80de22ba27f7b18437fb8

Analysis

max time kernel
97s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 09:20 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1433214838524ccdac23a9139c169cdd.exe
Size

156KB
MD5

1433214838524ccdac23a9139c169cdd
SHA1

7831f5c8e05d233f29456a48d8690c7e49f77f23
SHA256

e8d7eb1532d41c0b920a8c3d01bff63f23619c4e04a80de22ba27f7b18437fb8
SHA512

2ccc394896f398e5ff111591428ec1ec74352094e3933895deeacb651c1960a71b8ffbcac2ec072bb3a5887b4a4328ecdac63f0e6f69b71cc4a26cdffa3f5284
SSDEEP

3072:GLXTYjj9L4obnXm/j/Dq03eYeUB1GQE3pxBnAsudd639SvO3t5:WX8aaXm/7Dq2pBjE3pzwdsaOH

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2516	4904	WerFault.exe	41

C:\Users\Admin\AppData\Local\Temp\1433214838524ccdac23a9139c169cdd.exe
"C:\Users\Admin\AppData\Local\Temp\1433214838524ccdac23a9139c169cdd.exe"
1⤵
PID:4904
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 272
  2⤵
  - Program crash
  PID:2516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4904 -ip 4904
1⤵
PID:4048

Network

DNS

146.177.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

146.177.190.20.in-addr.arpa

IN PTR

Response
DNS

9.228.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.228.82.20.in-addr.arpa

IN PTR

Response
DNS

88.156.103.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.156.103.20.in-addr.arpa

IN PTR

Response
DNS

88.156.103.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.156.103.20.in-addr.arpa

IN PTR
DNS

41.110.16.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

41.110.16.96.in-addr.arpa

IN PTR

Response

41.110.16.96.in-addr.arpa

IN PTR

a96-16-110-41deploystaticakamaitechnologiescom
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

157.123.68.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

157.123.68.40.in-addr.arpa

IN PTR

Response
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR

Response
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR
DNS

137.71.91.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

137.71.91.104.in-addr.arpa

IN PTR

Response

137.71.91.104.in-addr.arpa

IN PTR

a104-91-71-137deploystaticakamaitechnologiescom
DNS

83.179.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

83.179.17.96.in-addr.arpa

IN PTR

Response

83.179.17.96.in-addr.arpa

IN PTR

a96-17-179-83deploystaticakamaitechnologiescom
DNS

53.179.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

53.179.17.96.in-addr.arpa

IN PTR

Response

53.179.17.96.in-addr.arpa

IN PTR

a96-17-179-53deploystaticakamaitechnologiescom
DNS

48.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

48.229.111.52.in-addr.arpa

IN PTR

Response

No results found

8.8.8.8:53

146.177.190.20.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

146.177.190.20.in-addr.arpa
8.8.8.8:53

9.228.82.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

9.228.82.20.in-addr.arpa
8.8.8.8:53

88.156.103.20.in-addr.arpa

dns

144 B
158 B
2
1

DNS Request

88.156.103.20.in-addr.arpa

DNS Request

88.156.103.20.in-addr.arpa
8.8.8.8:53

41.110.16.96.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

41.110.16.96.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

157.123.68.40.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

157.123.68.40.in-addr.arpa
8.8.8.8:53

206.23.85.13.in-addr.arpa

dns

213 B
145 B
3
1

DNS Request

206.23.85.13.in-addr.arpa

DNS Request

206.23.85.13.in-addr.arpa

DNS Request

206.23.85.13.in-addr.arpa
8.8.8.8:53

137.71.91.104.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

137.71.91.104.in-addr.arpa
8.8.8.8:53

83.179.17.96.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

83.179.17.96.in-addr.arpa
8.8.8.8:53

53.179.17.96.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

53.179.17.96.in-addr.arpa
8.8.8.8:53

48.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

48.229.111.52.in-addr.arpa

Windows 7 deprecation

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.